From 001da860493b6cdf75dbfbbdbc1afe3e920afe4d Mon Sep 17 00:00:00 2001
From: manuelbcd
Date: Thu, 14 Nov 2024 19:26:43 +0100
Subject: [PATCH 01/25] Sysdig agent support and testing automations
---
.../Partner/Sysdig/external-secret.yaml | 16 ++++++
.../Addons/Partner/Sysdig/namespace.yaml | 8 +++
.../Addons/Partner/Sysdig/sysdig-source.yaml | 9 ++++
.../Addons/Partner/Sysdig/sysdig.yaml | 51 +++++++++++++++++++
.../Testers/Sysdig/sysdig-test-configmap.yaml | 34 +++++++++++++
.../Testers/Sysdig/sysdig-test-job.yaml | 26 ++++++++++
.../Testers/Sysdig/sysdig-testjob-role.yaml | 26 ++++++++++
7 files changed, 170 insertions(+)
create mode 100644 eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml
create mode 100644 eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml
create mode 100644 eks-anywhere-common/Addons/Partner/Sysdig/sysdig-source.yaml
create mode 100644 eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml
create mode 100644 eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml
create mode 100644 eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml
create mode 100644 eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml
diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml
new file mode 100644
index 00000000..c50b1cf9
--- /dev/null
+++ b/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: sysdig-secretstore-ekssnow
+ namespace: sysdig
+spec:
+ refreshInterval: 1m
+ secretStoreRef:
+ name: eksa-secret-store #The secret store name we have just created.
+ kind: ClusterSecretStore
+ target:
+ name: sysdig-access-key # Secret name in k8s
+ data:
+ - secretKey: secret-sysdig-key # which key it's going to be stored
+ remoteRef:
+ key: secret-sysdig-key # Our secret-name goes here
diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml
new file mode 100644
index 00000000..256fe858
--- /dev/null
+++ b/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: sysdig
+ labels:
+ aws.conformance.vendor: sysdig
+ aws.conformance.vendor-solution: sysdig-agent
diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig-source.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig-source.yaml
new file mode 100644
index 00000000..3f077342
--- /dev/null
+++ b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig-source.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: sysdig
+ namespace: flux-system
+spec:
+ interval: 30s
+ url: https://charts.sysdig.com
diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml
new file mode 100644
index 00000000..4247ec62
--- /dev/null
+++ b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: sysdig
+ namespace: sysdig-agent
+spec:
+ chart:
+ spec:
+ chart: sysdig-deploy
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ name: sysdig
+ namespace: sysdig-agent
+ version: 1.67.5
+ interval: 30s
+ values:
+ global:
+ sysdig:
+ region: us2 # us1 | us2 | us3 | us4 | eu1 | au1
+ kspm:
+ deploy: false # Disabled by default to optimize resources. Activating it without the right cluster sizing could lead to instability
+ clusterConfig:
+ name: myclusterName # Place here a meaningful cluster name to identify it
+ agent:
+ tolerations: [] # Nullifying tolerations disallows the agents from being executed in the Control Plane
+ # resourceProfile: custom
+ # resources:
+ # requests:
+ # cpu:600m
+ # memory: 1G
+ # limits:
+ # cpu: 1500m
+ # memory: 1G
+ sysdig:
+ settings:
+ collector_port: 6443
+ nodeAnalyzer:
+ nodeAnalyzer:
+ tolerations: [] # Nullifying tolerations disallows the nodeAnalyzers from being executed in the Control Plane
+ benchmarkRunner:
+ deploy: false # Benchmark Runner disabled by default
+ secure:
+ vulnerabilityManagement:
+ newEngineOnly: true
+ valuesFrom:
+ - kind: Secret
+ name: sysdig-access-key
+ valuesKey: secret-sysdig-key
+ targetPath: global.sysdig.accessKey
diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml
new file mode 100644
index 00000000..a725a7cb
--- /dev/null
+++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml
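Review bot: With `tolerations: []` on both `agent` and `nodeAnalyzer`, the inline comments say the pods are kept off the control plane, which also means tainted control-plane nodes get no runtime detection or host scanning from this add-on; the comments present that as a scheduling choice only. I would state the trade-off next to the setting, e.g. `tolerations: []  # keeps agents off tainted control-plane nodes; those nodes are then not monitored`, so operators can decide whether to restore the chart's tolerations. Separately, the commented example `# cpu:600m` lacks the space after the colon and would not parse as a key/value pair once uncommented; it should read `# cpu: 600m`.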
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sysdig-test-configmap
+ namespace: sysdig-agent
+data:
+ test.sh: |-
+ #!/bin/bash
+ echo -e "\n # Validation process started #"
+ kubectl wait pods -n sysdig-agent -l app=sysdig-agent --for condition=Ready --timeout=150s
+ sleep 30
+ pod=$(kubectl get pod -l app=sysdig-agent -n sysdig-agent -o name)
+ logs=$(kubectl logs -n sysdig-agent $pod --tail -1)
+ if grep "Communication with server successful" <<< "$logs"
+ then
+ echo -e "\n # Sysdig Agent connection with server was success #"
+ # Let's generate some more events
+ touch /usr/bin/risky-file # Write below bin
+ history -c # Try to clear bash history
+ # Check if the above generated event has been successfully captured
+ sleep 30
+ logs=$(kubectl logs -n sysdig-agent $pod --tail -1)
+ if grep "Taking action via policy: Sysdig Runtime Notable Events" <<< "$logs"
+ then
+ echo -e "\n # Sysdig Agent successfully captured the event #"
+ exit 0
+ else
+ echo -e "\n # Error: Sysdig Agent didn't capture any event #"
+ exit 1
+ fi
+ else
+ echo -e "\n # Error: Sysdig Agent couldn't connect with the server. Please check egress, region and token #"
+ exit 1
+ fi
diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml
new file mode 100644
index 00000000..27a2677b
--- /dev/null
+++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml
@@ -0,0 +1,26 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: sysdig-agent-test
+ namespace: sysdig-agent
+spec:
+ backoffLimit: 1
+ template:
+ spec:
+ containers:
+ - name: job
+ image: 'alpine/k8s:1.26.2'
+ imagePullPolicy: Always
+ command:
+ - /bin/test.sh
+ volumeMounts:
+ - name: sysdig-test-configmap-volume
+ mountPath: /bin/test.sh
+ readOnly: true
+ subPath: test.sh
+ volumes:
+ - name: sysdig-test-configmap-volume
+ configMap:
+ defaultMode: 0700
+ name: sysdig-test-configmap
+ restartPolicy: Never
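Review bot: The exit status of `kubectl wait` in `test.sh` is ignored, so when the agent pods never become Ready the script still sleeps, reads whatever logs exist and reports the failure as a connectivity problem instead of a readiness timeout. Appending `|| { echo "agent pods not Ready"; exit 1; }` to the wait line would make that case explicit. `$pod` is also expanded unquoted in both `kubectl logs` calls; `"$pod"` is the safer form. This point still applies after the later sleep and namespace adjustments to the script in this series.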
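Review bot: The test container in `sysdig-test-job.yaml` uses `alpine/k8s:1.26.2`, a third-party image referenced by mutable tag with `imagePullPolicy: Always`, so each run executes whatever that tag currently resolves to, with the namespace's default service-account token mounted. Pinning by digest (`image: alpine/k8s:1.26.2@sha256:<digest-placeholder>`, taken from a verified pull) fixes what is run. The pod spec also sets neither `serviceAccountName` nor a `securityContext`; a dedicated service account for the test and `allowPrivilegeEscalation: false` would narrow what the job can do. The same pod template is carried unchanged into `sysdig-test-cronjob.yaml` later in the series.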
diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml new file mode 100644 index 00000000..a5658a04 --- /dev/null +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: sysdig-agent-role + namespace: sysdig-agent +rules: + - apiGroups: [ "" ] + resources: [ "pods" ] + verbs: [ "get", "watch", "list"] + - apiGroups: [ "" ] + resources: [ "pods/log" ] + verbs: [ "get", "watch", "list" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: read-sysdig-agent + namespace: sysdig-agent +subjects: + - kind: User + name: system:serviceaccount:sysdig-agent:default + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: Role + name: sysdig-agent-role + apiGroup: rbac.authorization.k8s.io From ec7546a7a334b10b2af7b141fc16af079274ea63 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Fri, 15 Nov 2024 14:39:07 +0100 Subject: [PATCH 02/25] Fix namespaces --- eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml | 2 +- eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml | 2 +- eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml index c50b1cf9..6caefd2f 100644 --- a/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml +++ b/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: sysdig-secretstore-ekssnow - namespace: sysdig + namespace: sysdig-agent spec: refreshInterval: 1m secretStoreRef: diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml index 256fe858..8c2e8427 100644 
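Review bot: The RoleBinding subject in `sysdig-testjob-role.yaml` is written as `kind: User` with the name `system:serviceaccount:sysdig-agent:default`, which grants pod and pod-log read to the namespace's default service account, i.e. to every pod in that namespace that does not set its own. A dedicated ServiceAccount for the test job, bound as `kind: ServiceAccount` with `name: <test-sa-placeholder>` and `namespace:` (no `apiGroup`), would tie the grant to the test alone. The Role is named `sysdig-agent-role` although it serves the test job rather than the agent, which is easy to misread during an RBAC audit. The subject rename in PATCH 08 keeps the same `kind: User` form.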
--- a/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml +++ b/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Namespace metadata: - name: sysdig + name: sysdig-agent labels: aws.conformance.vendor: sysdig aws.conformance.vendor-solution: sysdig-agent diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml index 4247ec62..5bc70b9b 100644 --- a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml +++ b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml @@ -12,9 +12,10 @@ spec: sourceRef: kind: HelmRepository name: sysdig - namespace: sysdig-agent + namespace: flux-system version: 1.67.5 interval: 30s + targetNamespace: sysdig-agent values: global: sysdig: From ff486a2047ef351a5e8dd78b23c9c326f02f43da Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Tue, 19 Nov 2024 18:33:14 +0000 Subject: [PATCH 03/25] Fix namespace --- .../Addons/Partner/Sysdig/external-secret.yaml | 2 +- eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml | 2 +- eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml index 6caefd2f..c50b1cf9 100644 --- a/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml +++ b/eks-anywhere-common/Addons/Partner/Sysdig/external-secret.yaml @@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: sysdig-secretstore-ekssnow - namespace: sysdig-agent + namespace: sysdig spec: refreshInterval: 1m secretStoreRef: diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml index 8c2e8427..256fe858 100644 --- a/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml +++ b/eks-anywhere-common/Addons/Partner/Sysdig/namespace.yaml 
@@ -2,7 +2,7 @@ apiVersion: v1 kind: Namespace metadata: - name: sysdig-agent + name: sysdig labels: aws.conformance.vendor: sysdig aws.conformance.vendor-solution: sysdig-agent diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml index 5bc70b9b..99742f64 100644 --- a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml +++ b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml @@ -3,7 +3,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: sysdig - namespace: sysdig-agent + namespace: sysdig spec: chart: spec: @@ -15,7 +15,7 @@ spec: namespace: flux-system version: 1.67.5 interval: 30s - targetNamespace: sysdig-agent + targetNamespace: sysdig values: global: sysdig: From a43487a88f0661fedc859a3b54442d92b8840678 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Tue, 19 Nov 2024 19:50:14 +0000 Subject: [PATCH 04/25] Switched sysdig agent driver to ebpf --- eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml index 99742f64..4a9fb75d 100644 --- a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml +++ b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml @@ -25,6 +25,8 @@ spec: clusterConfig: name: myclusterName # Place here a meaningful cluster name to identify it agent: + ebpf: + enabled: true tolerations: [] # Nullifying tolerations disallows the agents from being executed in the Control Plane # resourceProfile: custom # resources: From dc143f43b97e936b4d466e3e568b8afbd298573a Mon Sep 17 00:00:00 2001 
From: manuelbcd Date: Wed, 20 Nov 2024 22:56:31 +0000 Subject: [PATCH 05/25] Fixed namespace from tests --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml | 2 +- eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index a725a7cb..93daad8c 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: sysdig-test-configmap - namespace: sysdig-agent + namespace: sysdig data: test.sh: |- #!/bin/bash diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml index 27a2677b..42cd47cc 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: name: sysdig-agent-test - namespace: sysdig-agent + namespace: sysdig spec: backoffLimit: 1 template: diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml index a5658a04..9d42924b 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: sysdig-agent-role - namespace: sysdig-agent + namespace: sysdig rules: - apiGroups: [ "" ] resources: [ "pods" ] @@ -15,7 +15,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: read-sysdig-agent - namespace: sysdig-agent + namespace: sysdig subjects: - kind: User name: system:serviceaccount:sysdig-agent:default 
From 1014b44420acad98d991c58af4745ea57e53a7cb Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 09:13:57 +0000 Subject: [PATCH 06/25] Fix namespace test.sh --- .../Testers/Sysdig/sysdig-test-configmap.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 93daad8c..9fcb9b48 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -7,10 +7,10 @@ data: test.sh: |- #!/bin/bash echo -e "\n # Validation process started #" - kubectl wait pods -n sysdig-agent -l app=sysdig-agent --for condition=Ready --timeout=150s + kubectl wait pods -n sysdig -l app=sysdig-agent --for condition=Ready --timeout=150s sleep 30 - pod=$(kubectl get pod -l app=sysdig-agent -n sysdig-agent -o name) - logs=$(kubectl logs -n sysdig-agent $pod --tail -1) + pod=$(kubectl get pod -l app=sysdig-agent -n sysdig -o name) + logs=$(kubectl logs -n sysdig $pod --tail -1) if grep "Communication with server successful" <<< "$logs" then echo -e "\n # Sysdig Agent connection with server was success #" @@ -19,7 +19,7 @@ data: history -c # Try to clear bash history # Check if the above generated event has been successfully captured sleep 30 - logs=$(kubectl logs -n sysdig-agent $pod --tail -1) + logs=$(kubectl logs -n sysdig $pod --tail -1) if grep "Taking action via policy: Sysdig Runtime Notable Events" <<< "$logs" then echo -e "\n # Sysdig Agent successfully captured the event #" From 308057de278cacb82df0d7188533307a7d8c471b Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 09:40:32 +0000 Subject: [PATCH 07/25] Increasing sleep timer for tests --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 9fcb9b48..6c2feef1 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -8,7 +8,7 @@ data: #!/bin/bash echo -e "\n # Validation process started #" kubectl wait pods -n sysdig -l app=sysdig-agent --for condition=Ready --timeout=150s - sleep 30 + sleep 120 pod=$(kubectl get pod -l app=sysdig-agent -n sysdig -o name) logs=$(kubectl logs -n sysdig $pod --tail -1) if grep "Communication with server successful" <<< "$logs" From bb08da23a073bbd8b8dfa099e25446ac5303fa5d Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 09:54:35 +0000 Subject: [PATCH 08/25] Fix test service account --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 6c2feef1..1a59496a 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -8,7 +8,7 @@ data: #!/bin/bash echo -e "\n # Validation process started #" kubectl wait pods -n sysdig -l app=sysdig-agent --for condition=Ready --timeout=150s - sleep 120 + sleep 180 pod=$(kubectl get pod -l app=sysdig-agent -n sysdig -o name) logs=$(kubectl logs -n sysdig $pod --tail -1) if grep "Communication with server successful" <<< "$logs" diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml index 9d42924b..7a5eeae2 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-testjob-role.yaml 
@@ -18,7 +18,7 @@ metadata: namespace: sysdig subjects: - kind: User - name: system:serviceaccount:sysdig-agent:default + name: system:serviceaccount:sysdig:default apiGroup: rbac.authorization.k8s.io roleRef: kind: Role From 1212d2773f7cc3dd7e53cb15691bcd836994ef0c Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 10:00:31 +0000 Subject: [PATCH 09/25] Modified test sleep parameter --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 1a59496a..725a1280 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -8,7 +8,7 @@ data: #!/bin/bash echo -e "\n # Validation process started #" kubectl wait pods -n sysdig -l app=sysdig-agent --for condition=Ready --timeout=150s - sleep 180 + sleep 90 pod=$(kubectl get pod -l app=sysdig-agent -n sysdig -o name) logs=$(kubectl logs -n sysdig $pod --tail -1) if grep "Communication with server successful" <<< "$logs" From 64019ac960788fda254394f68db584e8cdd9bef0 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 10:32:39 +0000 Subject: [PATCH 10/25] Prepared test job for multiple pods --- .../Testers/Sysdig/sysdig-test-configmap.yaml | 40 ++++++++++--------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 725a1280..690acb13 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml 
@@ -9,26 +9,28 @@ data: echo -e "\n # Validation process started #" kubectl wait pods -n sysdig -l app=sysdig-agent --for condition=Ready --timeout=150s sleep 90 - pod=$(kubectl get pod -l app=sysdig-agent -n sysdig -o name) - logs=$(kubectl logs -n sysdig $pod --tail -1) - if grep "Communication with server successful" <<< "$logs" - then - echo -e "\n # Sysdig Agent connection with server was success #" - # Let's generate some more events - touch /usr/bin/risky-file # Write below bin - history -c # Try to clear bash history - # Check if the above generated event has been successfully captured - sleep 30 + pods=($(kubectl get pod -l app=sysdig-agent -n sysdig -o jsonpath="{.items[*].metadata.name}")) + for pod in "${pods[@]}"; do logs=$(kubectl logs -n sysdig $pod --tail -1) - if grep "Taking action via policy: Sysdig Runtime Notable Events" <<< "$logs" - then - echo -e "\n # Sysdig Agent successfully captured the event #" - exit 0 + if grep "Communication with server successful" <<< "$logs" + then + echo -e "\n # Sysdig Agent connection with server was success #" + # Let's generate some more events + touch /usr/bin/risky-file # Write below bin + history -c # Try to clear bash history + # Check if the above generated event has been successfully captured + sleep 30 + logs=$(kubectl logs -n sysdig $pod --tail -1) + if grep "Taking action via policy: Sysdig Runtime Notable Events" <<< "$logs" + then + echo -e "\n # Sysdig Agent successfully captured the event #" + exit 0 + else + echo -e "\n # Error: Sysdig Agent didn't capture any event #" + exit 1 + fi else - echo -e "\n # Error: Sysdig Agent didn't capture any event #" + echo -e "\n # Error: Sysdig Agent couldn't connect with the server. Please check egress, region and token #" exit 1 fi - else - echo -e "\n # Error: Sysdig Agent couldn't connect with the server. Please check egress, region and token #" - exit 1 - fi + done; From 94c4e5792df36ee79ef1cd657baa3ff74be6ac9a Mon Sep 17 00:00:00 2001 
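Review bot: The `exit 0` kept inside the new `for pod in "${pods[@]}"` loop ends the script as soon as the first agent pod passes, so the remaining pods are never checked. Replacing that inner `exit 0` with `continue` and putting a single `exit 0` after `done` makes success require every pod, while the existing `exit 1` branches still fail fast. If the selector matches no pods the loop body never runs and the script ends with status 0, so the job reports success with no agent present; a guard such as `[ "${#pods[@]}" -gt 0 ] || exit 1` before the loop closes that. `$pod` remains unquoted in the `kubectl logs` calls, and the script begins above this hunk.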
From: manuelbcd Date: Thu, 21 Nov 2024 10:47:44 +0000 Subject: [PATCH 11/25] Raised test sleep time to allow capturing e2e detections --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 690acb13..d1004f8d 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -8,7 +8,7 @@ data: #!/bin/bash echo -e "\n # Validation process started #" kubectl wait pods -n sysdig -l app=sysdig-agent --for condition=Ready --timeout=150s - sleep 90 + sleep 120 pods=($(kubectl get pod -l app=sysdig-agent -n sysdig -o jsonpath="{.items[*].metadata.name}")) for pod in "${pods[@]}"; do logs=$(kubectl logs -n sysdig $pod --tail -1) From 783e6d1814a788ece70494d7119c56ea0cb1daa8 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 11:00:30 +0000 Subject: [PATCH 12/25] Remove ebpf connection strategy by default --- eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml index 4a9fb75d..cad9313e 100644 --- a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml +++ b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml @@ -25,8 +25,8 @@ spec: clusterConfig: name: myclusterName # Place here a meaningful cluster name to identify it agent: - ebpf: - enabled: true + #ebpf: + # enabled: true tolerations: [] # Nullifying tolerations disallows the agents from being executed in the Control Plane # resourceProfile: custom # resources: From e79b195d45bf17b95da0d7c6b4cd3133f3004302 Mon Sep 17 00:00:00 2001 
From: manuelbcd Date: Thu, 21 Nov 2024 11:30:46 +0000 Subject: [PATCH 13/25] Changed the detection message for e2e events --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index d1004f8d..0a4f6e6c 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -21,7 +21,7 @@ data: # Check if the above generated event has been successfully captured sleep 30 logs=$(kubectl logs -n sysdig $pod --tail -1) - if grep "Taking action via policy: Sysdig Runtime Notable Events" <<< "$logs" + if grep "Sent msgtype=31" <<< "$logs" then echo -e "\n # Sysdig Agent successfully captured the event #" exit 0 From 9ea15880a885ce802f9becaf4ef5f6deb6c56fd1 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 11:40:59 +0000 Subject: [PATCH 14/25] Increasing the time of the e2e test at server msgtype level --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 0a4f6e6c..0746090e 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -19,7 +19,7 @@ data: touch /usr/bin/risky-file # Write below bin history -c # Try to clear bash history # Check if the above generated event has been successfully captured - sleep 30 + sleep 60 logs=$(kubectl logs -n sysdig $pod --tail -1) if grep "Sent msgtype=31" <<< "$logs" then From b0d1cc94734545e5e7dd7352355756540b8670b6 Mon Sep 17 00:00:00 2001 
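Review bot: The success check in PATCH 13 greps for `Sent msgtype=31` across the agent's entire log (`--tail -1` returns every line), and nothing visible here ties that message to the event the script generates, so a line logged before the test began would also satisfy it. Limiting the second read to the window after event generation, e.g. `kubectl logs -n sysdig "$pod" --since=60s`, and adding a comment that states what message type 31 denotes would make the assertion meaningful. PATCH 16 loosens the pattern further to `msgtype=31`, which widens the same gap.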
From: manuelbcd Date: Thu, 21 Nov 2024 11:49:04 +0000 Subject: [PATCH 15/25] Tuning e2e event checker to 100 secs --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 0746090e..49b0ca05 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -19,7 +19,7 @@ data: touch /usr/bin/risky-file # Write below bin history -c # Try to clear bash history # Check if the above generated event has been successfully captured - sleep 60 + sleep 100 logs=$(kubectl logs -n sysdig $pod --tail -1) if grep "Sent msgtype=31" <<< "$logs" then From 8e4d6089cebde62ab4b71e5bb2d6aff23811303d Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 12:01:51 +0000 Subject: [PATCH 16/25] Sleep values optimization --- .../Testers/Sysdig/sysdig-test-configmap.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 49b0ca05..97e19f61 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -8,7 +8,7 @@ data: #!/bin/bash echo -e "\n # Validation process started #" kubectl wait pods -n sysdig -l app=sysdig-agent --for condition=Ready --timeout=150s - sleep 120 + sleep 100 pods=($(kubectl get pod -l app=sysdig-agent -n sysdig -o jsonpath="{.items[*].metadata.name}")) for pod in "${pods[@]}"; do logs=$(kubectl logs -n sysdig $pod --tail -1) 
@@ -19,9 +19,9 @@ data: touch /usr/bin/risky-file # Write below bin history -c # Try to clear bash history # Check if the above generated event has been successfully captured - sleep 100 + sleep 30 logs=$(kubectl logs -n sysdig $pod --tail -1) - if grep "Sent msgtype=31" <<< "$logs" + if grep "msgtype=31" <<< "$logs" then echo -e "\n # Sysdig Agent successfully captured the event #" exit 0 From 4bce86677f5105910e45ab5f4018f8a4315c70f8 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 12:08:24 +0000 Subject: [PATCH 17/25] Test optimization --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 97e19f61..c6615e04 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -15,8 +15,7 @@ data: if grep "Communication with server successful" <<< "$logs" then echo -e "\n # Sysdig Agent connection with server was success #" - # Let's generate some more events - touch /usr/bin/risky-file # Write below bin + # Let's generate events history -c # Try to clear bash history # Check if the above generated event has been successfully captured sleep 30 From 1cedceec47fe9caeea8f2c33585462fd5d88a58f Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 13:19:07 +0000 Subject: [PATCH 18/25] E2e test - ine tuning --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index c6615e04..8e3a10e0 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml 
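Review bot: After the `touch /usr/bin/risky-file` line is removed in PATCH 17, the only event generator left is `history -c`, which in a non-interactive bash script clears an in-memory history list and, as far as I can tell, touches no file or process a runtime agent could observe. The test would then pass or fail on unrelated agent log traffic rather than on a detection. The removed `touch` was the one step that performed an observable write; if it had to go, the comment `# Let's generate events` should name the policy expected to fire and the step that triggers it, so a reader can confirm the test still exercises detection.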
@@ -8,7 +8,7 @@ data: #!/bin/bash echo -e "\n # Validation process started #" kubectl wait pods -n sysdig -l app=sysdig-agent --for condition=Ready --timeout=150s - sleep 100 + sleep 90 pods=($(kubectl get pod -l app=sysdig-agent -n sysdig -o jsonpath="{.items[*].metadata.name}")) for pod in "${pods[@]}"; do logs=$(kubectl logs -n sysdig $pod --tail -1) @@ -18,7 +18,7 @@ data: # Let's generate events history -c # Try to clear bash history # Check if the above generated event has been successfully captured - sleep 30 + sleep 180 logs=$(kubectl logs -n sysdig $pod --tail -1) if grep "msgtype=31" <<< "$logs" then From ed8042010ee1c955d45a667a38ea1ba5eee4b106 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 17:53:52 +0000 Subject: [PATCH 19/25] Convert job in a cronjob --- .../Testers/Sysdig/sysdig-test-job.yaml | 41 ++++++++++--------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml index 42cd47cc..40899398 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml 
@@ -1,26 +1,29 @@ apiVersion: batch/v1 -kind: Job +kind: CronJob metadata: name: sysdig-agent-test namespace: sysdig spec: + schedule: "0 1 * * *" backoffLimit: 1 - template: + jobTemplate: spec: - containers: - - name: job - image: 'alpine/k8s:1.26.2' - imagePullPolicy: Always - command: - - /bin/test.sh - volumeMounts: - - name: sysdig-test-configmap-volume - mountPath: /bin/test.sh - readOnly: true - subPath: test.sh - volumes: - - name: sysdig-test-configmap-volume - configMap: - defaultMode: 0700 - name: sysdig-test-configmap - restartPolicy: Never + template: + activeDeadlineSeconds: 1000 + containers: + - name: job + image: 'alpine/k8s:1.26.2' + imagePullPolicy: Always + command: + - /bin/test.sh + volumeMounts: + - name: sysdig-test-configmap-volume + mountPath: /bin/test.sh + readOnly: true + subPath: test.sh + volumes: + - name: sysdig-test-configmap-volume + configMap: + defaultMode: 0700 + name: sysdig-test-configmap + restartPolicy: Never From cc1df9f91ba128f726e999dd8b309312d373d058 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Thu, 21 Nov 2024 18:08:09 +0000 Subject: [PATCH 20/25] Fixed job to cronjob for tests --- .../Testers/Sysdig/sysdig-test-cronjob.yaml | 30 +++++++++++++++++++ .../Testers/Sysdig/sysdig-test-job.yaml | 29 ------------------ 2 files changed, 30 insertions(+), 29 deletions(-) create mode 100644 eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml delete mode 100644 eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml new file mode 100644 index 00000000..4b251e00 --- /dev/null +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml 
@@ -0,0 +1,30 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: sysdig-agent-test
+ namespace: sysdig
+spec:
+ schedule: "0 1 * * *"
+ backoffLimit: 1
+ jobTemplate:
+ spec:
+ template:
+ activeDeadlineSeconds: 1000
+ spec:
+ containers:
+ - name: job
+ image: 'alpine/k8s:1.26.2'
+ imagePullPolicy: Always
+ command:
+ - /bin/test.sh
+ volumeMounts:
+ - name: sysdig-test-configmap-volume
+ mountPath: /bin/test.sh
+ readOnly: true
+ subPath: test.sh
+ volumes:
+ - name: sysdig-test-configmap-volume
+ configMap:
+ defaultMode: 0700
+ name: sysdig-test-configmap
+ restartPolicy: Never
diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml
deleted file mode 100644
index 40899398..00000000
--- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-job.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- name: sysdig-agent-test
- namespace: sysdig
-spec:
- schedule: "0 1 * * *"
- backoffLimit: 1
- jobTemplate:
- spec:
- template:
- activeDeadlineSeconds: 1000
- containers:
- - name: job
- image: 'alpine/k8s:1.26.2'
- imagePullPolicy: Always
- command:
- - /bin/test.sh
- volumeMounts:
- - name: sysdig-test-configmap-volume
- mountPath: /bin/test.sh
- readOnly: true
- subPath: test.sh
- volumes:
- - name: sysdig-test-configmap-volume
- configMap:
- defaultMode: 0700
- name: sysdig-test-configmap
- restartPolicy: Never
From dea4247728d8356da90b384e4bb4bfa06c5f6154 Mon Sep 17 00:00:00 2001
From: manuelbcd
Date: Sun, 24 Nov 2024 21:27:52 +0100
Subject: [PATCH 21/25] Switched to ebpf again for better compatibility
---
eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml
index cad9313e..4a9fb75d 100644
--- a/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml
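Review bot: The test container in the new sysdig-test-cronjob.yaml is referenced by a mutable tag, `image: 'alpine/k8s:1.26.2'`, and `imagePullPolicy: Always` re-resolves that tag on every scheduled run, so whatever the registry serves under it executes with the job's in-cluster Kubernetes credentials. Pin the image by digest, e.g. `image: 'alpine/k8s:1.26.2@sha256:<digest-placeholder>'`. The pod spec also sets neither `serviceAccountName` nor a `securityContext`; if the role from sysdig-testjob-role.yaml is bound to the namespace's default service account (not visible here), a dedicated account for the tester plus `allowPrivilegeEscalation: false` on the container would narrow what this pod can do.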
+++ b/eks-anywhere-common/Addons/Partner/Sysdig/sysdig.yaml @@ -25,8 +25,8 @@ spec: clusterConfig: name: myclusterName # Place here a meaningful cluster name to identify it agent: - #ebpf: - # enabled: true + ebpf: + enabled: true tolerations: [] # Nullifying tolerations disallows the agents from being executed in the Control Plane # resourceProfile: custom # resources: From 51a87b07c2d5e3452f0702f63fc5e738debeb888 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Tue, 26 Nov 2024 19:20:33 +0100 Subject: [PATCH 22/25] backoffLimit rearranged --- eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml index 4b251e00..fa7435e5 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml @@ -5,9 +5,9 @@ metadata: namespace: sysdig spec: schedule: "0 1 * * *" - backoffLimit: 1 jobTemplate: spec: + backoffLimit: 1 template: activeDeadlineSeconds: 1000 spec: From 88c02cf2b67e176ea1ca3e8226b4176cdfbc9483 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Tue, 26 Nov 2024 19:24:01 +0100 Subject: [PATCH 23/25] rearranged cronjob activeDeadlineSeconds --- eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml index fa7435e5..0da1d9bc 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-cronjob.yaml @@ -8,8 +8,8 @@ spec: jobTemplate: spec: backoffLimit: 1 + activeDeadlineSeconds: 1000 template: - activeDeadlineSeconds: 1000 spec: containers: - name: job From df34652f9405236eb814ba90b357674e48429648 Mon Sep 17 00:00:00 2001 
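Review bot: In the last hunk on this line, `activeDeadlineSeconds: 1000` moves onto the Job spec, where it takes effect and now bounds the whole test script. Per the ConfigMap hunks on this page, that script waits up to 150s, sleeps 90s, and then sleeps 180s for each connected agent pod in turn. Unless the loop exits after the first pod (the visible hunks do not show that), the run needs roughly 90 + 180 × N seconds before any kubectl time, so a cluster with more than about five agent pods would hit the deadline and report a failed validation even when every agent is healthy. Size the deadline from the expected node count, or have the script validate a single pod or check pods concurrently. `backoffLimit: 1` from the preceding hunk would then only repeat the same timing once.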
From: manuelbcd Date: Tue, 26 Nov 2024 20:10:45 +0100 Subject: [PATCH 24/25] Changed criteria for connection validation. New criteria works even for long term running agents --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 8e3a10e0..4c86a9b3 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -12,7 +12,7 @@ data: pods=($(kubectl get pod -l app=sysdig-agent -n sysdig -o jsonpath="{.items[*].metadata.name}")) for pod in "${pods[@]}"; do logs=$(kubectl logs -n sysdig $pod --tail -1) - if grep "Communication with server successful" <<< "$logs" + if grep "to collector at host" <<< "$logs" then echo -e "\n # Sysdig Agent connection with server was success #" # Let's generate events From c22800b229b31485eb3ffa409ce990a47ac627d4 Mon Sep 17 00:00:00 2001 From: manuelbcd Date: Tue, 26 Nov 2024 20:11:19 +0100 Subject: [PATCH 25/25] Comment fix --- eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml index 4c86a9b3..0ed88ac1 100644 --- a/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml +++ b/eks-anywhere-common/Testers/Sysdig/sysdig-test-configmap.yaml @@ -16,7 +16,7 @@ data: then echo -e "\n # Sysdig Agent connection with server was success #" # Let's generate events - history -c # Try to clear bash history + history -c # Try to clear bash history # Check if the above generated event has been successfully captured sleep 180 logs=$(kubectl logs -n sysdig $pod --tail -1)
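Review bot: The new pattern in `if grep "to collector at host" <<< "$logs"` contains no success word, so it would also match a line that only records a connection attempt or a failure if the agent words those with the same phrase (not verifiable from this page). Because `logs` holds the full history from `--tail -1`, one such line anywhere in the agent's lifetime passes the connection check. Anchor the pattern on the exact success message the agent emits and add `-q` so matched agent log lines are not copied into the job output, e.g. `if grep -q "<success-message-placeholder> to collector at host" <<< "$logs"`. The `if` body continues outside the hunk.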